awesome-threat-detection/README.md
2018-01-16 17:07:22 +11:00

8.5 KiB
Raw Blame History

Awesome Threat Detection and Hunting

Awesome

A curated list of awesome threat detection and hunting resources

Contents

Tools

  • HELK - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
  • osquery - An operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. It exposes an operating system as a high-performance relational database.
  • osquery-configuration - A repository for using osquery for incident detection and response.
  • DetectionLab - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices.
  • Sysmon-DFIR - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  • sysmon-config - Sysmon configuration file template with default high-quality event tracing
  • Atomic Red Team - Small and highly portable detection tests mapped to the Mitre ATT&CK Framework
  • Revoke-Obfuscation - PowerShell Obfuscation Detection Framework

Frameworks

Resources

Videos

Trainings

Twitter

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, Adel "0x4D31" Karimi has waived all copyright and related or neighboring rights to this work.